Re: fail2ban vs. syslogd compression

To: debian-security@lists.debian.org
Subject: Re: fail2ban vs. syslogd compression
From: Maxim Kammerer <mk@antira.info>
Date: Thu, 30 Aug 2007 11:42:03 +0200
Message-id: <[🔎] c6fda25b530a588fe24239aa5a311b72@localhost>
In-reply-to: <[🔎] 20070828172422.GB18655@colo.lackof.org>
References: <[🔎] 20070828172422.GB18655@colo.lackof.org>

Ok, thanx to everybody for the advice. I am no step closer to a solution
however. I see different routes:

1) Clarify if it is really true that the message "last message repeated \d+
times" does not always refer to the last message, as suggested in one post.
I thought that syslogd's raison d'etre was exactly to provide a unified
tracking system for log messages, so it really should know where it's
messages came from and should take great pains in keeping its output sound.
Otherwise, that would be a serious bug, wouldn't it? If the messages are
reliable, which I tend to assume, then the obvious patch to fail2ban should
work. Unfortunately I can't read greek, so I don't know if more detailed
problems are mentioned in the referred to post from greek lug.

2) The other idea is to keep seperate temporary logs, with
anti-syslog-compression. it really raises the effort needed to maintain the
system (thus makes it likely to break). 

When I find some time, I'll get in touch with the fail2ban-developers. I am
back on the list once I head something useful.

Thanks again.

Maxim

Reply to:

References:
- Re: fail2ban vs. syslogd compression
  - From: dann frazier <dannf@dannf.org>

Prev by Date: Re: missing security updates for powerpc
Next by Date: Re: fail2ban vs. syslogd compression
Previous by thread: Re: fail2ban vs. syslogd compression
Next by thread: Re: fail2ban vs. syslogd compression
Index(es):
- Date
- Thread